From 4c7880cfb2525010515a1d49cb5e1e32260ce3f2 Mon Sep 17 00:00:00 2001 From: 2byrds <2byrds@gmail.com> Date: Wed, 1 May 2024 11:33:08 -0400 Subject: [PATCH 1/4] improving readme and support for legacy vlei. fixes to verification keys to issuee Signed-off-by: 2byrds <2byrds@gmail.com> --- README.md | 48 +++++++++++++++++-------------- docker-compose.yml | 8 +++--- src/verifier/core/authorizing.py | 15 ++++++---- tests/common.py | 9 +++--- tests/conftest.py | 2 -- tests/core/test_verifying.py | 2 +- tests/integration/test_service.py | 8 +++--- 7 files changed, 51 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index b8528d8..7dd0734 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # vlei-verifier -A service to verify signatures created by AIDs using [KERI](https://keri.one). +A service to verify cryptographic signatures and credentials created by AIDs and ACDCs using [KERI](https://keri.one). ## Architecture 
@@ -15,44 +15,50 @@ kli init --name vdb --nopasscode --config-dir scripts --config-file verifier-con This requires a running vLEI server and KERI witness network. -The service can be launched with: +The service can be launched from the command-line with: ``` verifier server start --config-dir scripts --config-file verifier-config.json ``` -### Webapp -The web app (UI front-end) uses Signify/KERIA for selecting identifiers and credentials: - -See: [reg-pilot-webapp](https://github.com/GLEIF-IT/reg-poc-webapp) +Or from docker-compose with: -### Server -Provides the ability to: -* Log in using a vLEI ECR -* Upload signed files -* Check the status of an upload +``` +docker-compose build --no-cache +docker-compose down +docker-compose up deps +``` -See: [reg-pilot-server](https://github.com/GLEIF-IT/reg-poc-server) +### API -### Additional service -* KERI Witness Network -* vLEI server -* KERI Agent +#### Initial Authentication: +Clients that wish to authenticate with this service should present a credential to the PUT `/presentations/{said}` API and +then poll the GET `/authorizations/{aid}` until they get something other than a 404 or until they time out. -## Registering an AID as a Valid Report Submitter +#### Registering an AID as a Valid Report Submitter: For an AID to be registered as a valid report submitter it must use the `/presentations/{said}` API to present a valid vLEI ECR credential in the body of a PUT request with a content type of `application/json+cesr`. The `said` in the URL is the SAID of the credential being presented in the body. This API will return a 202 response code to indicate that the credential presentation has been accepted but with no indication of the validity of the presentation. 
-## Checking for Authorized AIDs +#### Checking for Authorized AIDs: To check whether an AID has already submitted a valid vLEI ECR credential, a client will use the `/authorizations/{aid}` API where the `aid` must be the holder of an already successfully submitted vLEI ECR credential. If the AID in the URL has never submitted a credential, this API will return a 404. If the AID has submitted an invalid credential, this API will return a 401. If the AID has submitted a valid credential that is currently not revoked, this API will return a 200 with a body that contains the AID and the SAID of the credential. -# Initial Authentication -Clients that wish to authenticate with this service should present a credential to the PUT `/presentations/{said}` API and -then poll the GET `/authorizations/{aid}` until they get something other than a 404 or until they time out. +## Peer projects +### Webapp +The web app (UI front-end) uses Signify/KERIA for selecting identifiers and credentials: + +See: [reg-pilot-webapp](https://github.com/GLEIF-IT/reg-pilot-webapp) + +### Server +The server provides the business layer and abstracts the underlying verification, but for the most part acts as a pass-through that provides the ability to: +* Log in using a vLEI ECR +* Upload signed files +* Check the status of an upload + +See: [reg-pilot-server](https://github.com/GLEIF-IT/reg-poc-server)
diff --git a/docker-compose.yml b/docker-compose.yml
index 2d2194d..d6172bd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -56,9 +56,9 @@ services:
 image: alpine
 command: ['echo', 'Dependencies running']
 depends_on:
- vlei-server:
- condition: service_healthy
+ # vlei-server:
+ # condition: service_healthy
 vlei-verifier:
 condition: service_healthy
- witness-demo:
- condition: service_healthy
\ No newline at end of file
+ # witness-demo:
+ # condition: service_healthy
\ No newline at end of file
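Review bot: With the `vlei-server` and `witness-demo` entries commented out under `depends_on`, the `deps` target no longer waits for either to be healthy, while the README changed in the same series still says the service requires a running vLEI server and witness network and tells readers to run `docker-compose up deps`. If these are now expected to come from an external environment (the docker config added later in the series points at `host.docker.internal`), say so next to the commented lines, e.g. `# vlei-server/witness-demo are provided by the host environment; see README`; otherwise restore the two `condition: service_healthy` dependencies. As committed the verifier container may start before the services it resolves OOBIs from, and dead configuration is better deleted than left commented out.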
diff --git a/src/verifier/core/authorizing.py b/src/verifier/core/authorizing.py index bbe9c6b..df633bf 100644 --- a/src/verifier/core/authorizing.py +++ b/src/verifier/core/authorizing.py @@ -22,6 +22,7 @@ class Schema: DES_ALIASES_SCHEMA="EN6Oh5XSD5_q2Hgu-aqpdfbVepdpYpFlgz6zvJL5b_r5" ECR_AUTH_SCHEMA = "EJOkgTilEMjPgrEr0yZDS_MScnI0pBb75tO54lvXugOy" ECR_SCHEMA = 'EHAuBf02w-FIH8yEVrD_qIkgr0uI_rDzZ-kTABmdmUFP' + ECR_SCHEMA_PROD = 'EEy9PkikFcANV1l7EHukCeXqrzT1hNZjGlUk7wuMO5jw' LEI_SCHEMA = "EHyKQS68x_oWy8_vNmYubA5Y0Tse4XMPFggMfoPoERaM" QVI_SCHEMA = "EFgnk_c08WmZGgv9_mpldibRuqFMTQN-rAgtD-TCOwbs" @@ -105,8 +106,9 @@ def processPresentations(self): self.vdb.iss.rem(keys=(said,)) creder = self.reger.creds.get(keys=(said,)) match creder.schema: - case Schema.ECR_SCHEMA: + case Schema.ECR_SCHEMA | Schema.ECR_SCHEMA_PROD: self.processEcr(creder) + break case _: print(f"invalid credential presentation, schema {creder.schema}") @@ -122,10 +124,13 @@ def processEcr(self, creder): """ if creder.issuer not in self.hby.kevers: - print(f"unknown presenter {creder.subject['i']}") + print(f"unknown issuer {creder.issuer}") + return + + issuee = creder.attrib["i"] + if issuee not in self.hby.kevers: + print(f"unknown issuee {issuee}") return - - kever = self.hby.kevers[creder.issuer] LEI = creder.attrib["LEI"] if LEI not in self.leis: @@ -139,7 +144,7 @@ def processEcr(self, creder): return print("Successful authentication, storing user.") - self.vdb.accts.pin(keys=(kever.serder.pre,), val=coring.Saider(qb64=creder.said)) + self.vdb.accts.pin(keys=(issuee,), val=coring.Saider(qb64=creder.said)) def processRevocations(self): """ Loop over database of credential revocations. diff --git a/tests/common.py b/tests/common.py index 489de90..3d734d0 100644 --- a/tests/common.py +++ b/tests/common.py 
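Review bot: The `break` added after `self.processEcr(creder)` leaves the enclosing `for` loop (its head is outside the hunk), not just the `match` arm, so at most one ECR presentation is handled per `processPresentations` call while the `case _` arm keeps iterating; since a Python `match` never falls through, a reader will take this for a switch-style `break`. If stopping after the first ECR is intended — for example because `self.vdb.iss.rem` has just mutated the table being iterated — say so in a comment such as `# stop after one ECR: iss was modified during iteration; the rest are handled on the next pass`; otherwise the line should be dropped or become `continue`. The new `ECR_SCHEMA_PROD` constant also deserves a one-line comment saying which schema version each SAID corresponds to, since the commit message calls one of them legacy and the names do not say which.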
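Review bot: `processEcr` now stores the authorization under `issuee` (`creder.attrib["i"]`) instead of the issuer's prefix, but the `kever` local it deletes may still be referenced in the lines between the third and fourth hunks of this file (not shown); if so that path now fails with `NameError` at runtime. The `issuee not in self.hby.kevers` guard only shows the verifier holds a KEL for that AID; it does not itself tie the party that sent the presentation to the issuee, so the docstring should state where that binding is established, e.g. `Assumes the presenter's signature over the presentation was verified against the issuee's keys before this point.` `processRevocations` (outside the hunk) must remove from `accts` under the same `issuee` key, or revoking a credential will no longer clear the entry now that it is no longer stored under `kever.serder.pre`.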
@@ -16,7 +16,8 @@ from keri.vdr import credentialing, verifying, viring from keri.vdr.credentialing import Credentialer, proving -LEI = "254900OPPU84GM83MG36" +LEI1 = "254900OPPU84GM83MG36" +LEI2 = "875500ELOZEL05BVXV37" # @pytest.fixture # def setup_habs(): @@ -325,7 +326,7 @@ def get_ecr_data(): d="", personLegalName="Bank User", engagementContextRole="EBA Data Submitter", - LEI=f"{LEI}" + LEI=f"{LEI1}" ) def get_ecr_cred(issuer, recipient, schema, registry, sedge): @@ -364,7 +365,7 @@ def get_lei_cred(issuer, recipient, schema, registry, sedge): lei = dict( d="", - LEI=f"{LEI}" + LEI=f"{LEI1}" ) _, sad = coring.Saider.saidify(sad=lei, label=coring.Saids.d) @@ -395,7 +396,7 @@ def get_qvi_cred(issuer, recipient, schema, registry): qvi = dict( d="", - LEI=f"{LEI}" + LEI=f"{LEI1}" ) _, sad = coring.Saider.saidify(sad=qvi, label=coring.Saids.d) diff --git a/tests/conftest.py b/tests/conftest.py index e0ce8c6..e07daf0 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -31,8 +31,6 @@ "wil:http": "http://127.0.0.1:5643/", } -LEI = "254900OPPU84GM83MG36" - @pytest.fixture() def mockHelpingNowUTC(monkeypatch): """ diff --git a/tests/core/test_verifying.py b/tests/core/test_verifying.py index a6ae27e..0247369 100644 --- a/tests/core/test_verifying.py +++ b/tests/core/test_verifying.py @@ -108,7 +108,7 @@ def test_ecr(seeder): hby.kevers[hab.pre] = hab.kever - auth = Authorizer(hby, vdb, eccrdntler.rgy.reger, [LEI]) + auth = Authorizer(hby, vdb, eccrdntler.rgy.reger, [LEI1]) auth.processPresentations() result = client.simulate_get(f'/authorizations/{hab.pre}') diff --git a/tests/integration/test_service.py b/tests/integration/test_service.py index a948e74..691d92f 100644 --- a/tests/integration/test_service.py +++ b/tests/integration/test_service.py 
@@ -54,7 +54,7 @@ def test_service_ecr(seeder): httpServerDoer = http.ServerDoer(server=server) class testCf: def get(): - return dict(LEIs=[f"{LEI}"]) + return dict(LEIs=[f"{LEI1}",f"{LEI2}"]) authDoers = authorizing.setup(hby, vdb=vdb, reger=eccrdntler.rgy.reger, cf=testCf) doers = authDoers + [httpServerDoer] @@ -81,9 +81,9 @@ def get(): acdc = issAndCred.decode("utf-8") # use this for integration testing debugging sessions - # while True: - # time.sleep(1) - # doist.recur() + while True: + time.sleep(1) + doist.recur() exceptions = [] thread = threading.Thread(target=presentation_request,args=(ecsaid, acdc, exceptions)) From d283bca272dafba21eed79777271919de21559ea Mon Sep 17 00:00:00 2001 From: 2byrds <2byrds@gmail.com> Date: Wed, 1 May 2024 11:55:41 -0400 Subject: [PATCH 2/4] removed test loop Signed-off-by: 2byrds <2byrds@gmail.com> --- tests/integration/test_service.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/integration/test_service.py b/tests/integration/test_service.py index 691d92f..5171ccb 100644 --- a/tests/integration/test_service.py +++ b/tests/integration/test_service.py @@ -81,9 +81,9 @@ def get(): acdc = issAndCred.decode("utf-8") # use this for integration testing debugging sessions - while True: - time.sleep(1) - doist.recur() + # while True: + # time.sleep(1) + # doist.recur() exceptions = [] thread = threading.Thread(target=presentation_request,args=(ecsaid, acdc, exceptions)) From 5f5ac0326b5e27bf2623e2eea9291357ef1999a5 Mon Sep 17 00:00:00 2001 From: 2byrds <2byrds@gmail.com> Date: Wed, 1 May 2024 13:34:12 -0400 Subject: [PATCH 3/4] successful run from docker with signify-ts vlei-verifier integration env 
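Review bot: The debugging loop in `test_service_ecr` is enabled by uncommenting it in PATCH 1 and disabled again in PATCH 2, and as committed in PATCH 1 it is an unconditional `while True:` that would hang the integration run. Gate it on an environment variable rather than on comments, e.g. `if os.getenv("VLEI_VERIFIER_DEBUG_LOOP"):` around the three lines, so the loop can never be committed in the enabled state; whether `os` is already imported in this module is not visible in the hunk. In the first hunk, `[f"{LEI1}",f"{LEI2}"]` wraps string constants in f-strings to no effect and reads better as `[LEI1, LEI2]`.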
Signed-off-by: 2byrds <2byrds@gmail.com> --- images/verifier.dockerfile | 2 +- scripts/keri/cf/verifier-config-docker.json | 25 +++++++++++++++++++++ scripts/keri/cf/verifier-config.json | 3 ++- 3 files changed, 28 insertions(+), 2 deletions(-) create mode 100755 scripts/keri/cf/verifier-config-docker.json diff --git a/images/verifier.dockerfile b/images/verifier.dockerfile index 06cc37f..a3b5191 100644 --- a/images/verifier.dockerfile +++ b/images/verifier.dockerfile @@ -9,4 +9,4 @@ WORKDIR /usr/local/var/vlei-verifier/ RUN pip install -r requirements.txt -ENTRYPOINT ["verifier", "server", "start", "--config-dir", "scripts", "--config-file", "verifier-config.json"] \ No newline at end of file +ENTRYPOINT ["verifier", "server", "start", "--config-dir", "scripts", "--config-file", "verifier-config-docker.json"] \ No newline at end of file diff --git a/scripts/keri/cf/verifier-config-docker.json b/scripts/keri/cf/verifier-config-docker.json new file mode 100755 index 0000000..573dcaf --- /dev/null +++ b/scripts/keri/cf/verifier-config-docker.json 
@@ -0,0 +1,25 @@
+{
+ "dt": "2022-01-20T12:57:59.823350+00:00",
+ "iurls": [
+ "http://host.docker.internal:5642/oobi/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha/controller",
+ "http://host.docker.internal:5643/oobi/BLskRTInXnMxWaGqcpSyMgo0nYbalW99cGZESrz3zapM/controller",
+ "http://host.docker.internal:5644/oobi/BIKKuvBwpmDVA4Ds-EpL5bt9OqPzWPja2LigFYZN2YfX/controller"
+ ],
+ "durls": [
+ "http://host.docker.internal:7723/oobi/EBNaNu-M9P5cgrnfl2Fvymy4E_jvxxyjb70PRtiANlJy",
+ "http://host.docker.internal:7723/oobi/EMhvwOlyEJ9kN4PrwCpr9Jsv7TxPhiYveZ0oP3lJzdEi",
+ "http://host.docker.internal:7723/oobi/EKA57bKBKxr_kN7iN5i7lMUxpMG-s19dRcmov1iDxz-E",
+ "http://host.docker.internal:7723/oobi/EEy9PkikFcANV1l7EHukCeXqrzT1hNZjGlUk7wuMO5jw",
+ "http://host.docker.internal:7723/oobi/ENPXp1vQzRF6JwIuS-mp2U8Uf1MoADoP_GqQ62VsDZWY",
+ "http://host.docker.internal:7723/oobi/EH6ekLjSr8V32WyFbGe1zXjTzFs9PkTYmupJ9H65O14g",
+ "http://host.docker.internal:7723/oobi/EBfdlu8R27Fbx-ehrqwImnK-8Cm79sqbAQ4MmvEAYqao"
+ ],
+ "LEIs": [
+ "984500E5DEFDBQ1O9038",
+ "984500AAFEB59DDC0E43",
+ "254900OPPU84GM83MG36",
+ "9845004CC7884BN85018",
+ "98450030F6X9EC7C8336",
+ "875500ELOZEL05BVXV37"
+ ]
+}
\ No newline at end of file
diff --git a/scripts/keri/cf/verifier-config.json b/scripts/keri/cf/verifier-config.json
index 30d5de7..d7be532 100755
--- a/scripts/keri/cf/verifier-config.json
+++ b/scripts/keri/cf/verifier-config.json
@@ -19,6 +19,7 @@
 "984500AAFEB59DDC0E43",
 "254900OPPU84GM83MG36",
 "9845004CC7884BN85018",
- "98450030F6X9EC7C8336"
+ "98450030F6X9EC7C8336",
+ "875500ELOZEL05BVXV37"
 ]
 }
\ No newline at end of file
From adc79e55aed776a8e8df011046fa006b43c7ce8a Mon Sep 17 00:00:00 2001 From: 2byrds <2byrds@gmail.com> Date: Wed, 1 May 2024 13:51:17 -0400 Subject: [PATCH 4/4] merged with main Signed-off-by: 2byrds <2byrds@gmail.com> --- tests/core/test_verifying.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
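Review bot: The `LEIs` allow-list is now maintained in two files, `verifier-config.json` and the new `verifier-config-docker.json`, which otherwise differ only in host names; the LEI added here had to be inserted in both, and future additions will silently drift between the local and docker deployments. Since this list is what `processEcr` checks presented credentials against, either generate one file from the other or state in the README that both must be updated together. The docker file also hard-codes `host.docker.internal`, which is not resolvable by default on Linux Docker hosts without an `extra_hosts` mapping, so the README's docker-compose section should mention that.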
diff --git a/tests/core/test_verifying.py b/tests/core/test_verifying.py index 1343bf4..3ccb6f8 100644 --- a/tests/core/test_verifying.py +++ b/tests/core/test_verifying.py @@ -176,7 +176,7 @@ def test_ecr_missing(seeder): hby.kevers[hab.pre] = hab.kever - auth = Authorizer(hby, vdb, eacrdntler.rgy.reger, [LEI]) + auth = Authorizer(hby, vdb, eacrdntler.rgy.reger, [LEI1]) auth.processPresentations() result = client.simulate_get(f'/authorizations/{hab.pre}')